Data Privacy & Security

Compliance and Risk Counseling

For many clients, the first step in becoming familiar with data privacy and security matters is to identify which laws apply to them and the data they hold, then identify what risks they may face. We can assist you by:

  • Ensuring that you have legally compliant (or industry-standard) policies and procedures to safeguard your data (e.g., HIPAA, state laws, Gramm-Leach-Bliley, FTC, TCPA, CAN-SPAM, FINRA, SEC, FFIEC, NIST)
  • Developing privacy and cybersecurity programs
  • Conducting training on the privacy and security laws relevant to your business
  • Preparing website and mobile app privacy policies as well as notices of privacy practices
  • Counseling on how data can be used, disclosed, and transferred (e.g., big data, internet of things (IoT), data monetization, medical research, marketing uses, transfer of data across jurisdictions)
  • Advising you on strategic risks (e.g., advice to the Board of Directors on how to oversee cybersecurity risks)
  • Advising on cyber-insurance policies
  • Assisting with implementation of vendor management programs
  • Conducting gap assessments

Success Stories

Educating HIPAA

Our attorneys have assisted hundreds of clients with HIPAA privacy and security matters. We maintain model policies and procedures and related forms, such as business associate agreements. We have also trained clients on these rules. For example, in 2015 we conducted an in-person training session for a Midwestern client. However, this client has operations throughout the country and needed to train personnel in those locations. We took the customized training program and recorded a web seminar of the program. As a result, the client could train both current and future employees.

B.Y.O.D.

Our team advised a Midwestern dairy cooperative in connection with the development and implementation of its “Bring Your Own Device” technology policy and with implementation of a data retention and destruction program.